Protection of digital content transferred between computers over a network is important for many enterprises. Enterprises attempt to secure this protection by implementing some form of digital rights management (DRM) process. The DRM process often involves encrypting the piece of content (e.g. encrypting the binary form of the content) in order to restrict usage to those who have been granted a right to the content. Content in this situation involves alphanumeric material, audio material such as music, and video material. It also involves, of course, combinations thereof.
Cryptography is the traditional method of protecting data in transit across a computer network. In its typical application, cryptography protects communications (messages) between two mutually trusting parties from thievery or hackers by attack on the data in transit. However, for many digital file transfer applications (e.g. for the transfer of audio or video content), instead the party that receives the content (i.e., the receiving party) might try to break the DRM encryption that the party that supplied the content (i.e., the distributing party) applied to the content. Thus in this case the receiver is not a trusted party per se, but the point is to protect the distributor who owns the content from its misuse by the receiving party. In addition, with the proliferation of network penetration attacks, a third party may well obtain access to the receiving party's computer and thus to the protected content.
In many DRM systems now in use, the weakest link in security is not the encrypted data (message) but rather cryptographic key management and handling. As well known, modern cryptographic systems use keys which are strings of digital values for both encryption and decryption purposes. For instance, one of the more successful DRM systems, which distributes music online, requires that the receiving party's computer to maintain the unencrypted key for each piece of encrypted music in a “key bag” (repository) that is itself encrypted.
This approach has disadvantages. By encrypting the key bag instead of the keys contained in the key bag, this exposes the keys to a potential attack. Similarly to play a piece of content the receiving party's computer must decrypt the entire key bag, retrieve the key for a particular piece of content, and decrypt the content with the retrieved key.
This approach also disadvantageously allows different devices to use different formats for their key bags. The use of different key bag formats for different devices further exposes the keys to penetration when the content is transferred between devices.
Most current DRM systems encrypt content with a “content key” that is applied to a bulk encryption algorithm such AES, triple DES, or RC4. These are well known encryption systems. Typically these are symmetric key systems, that is the same key is used for encryption and decryption. With this method, the entire content is encrypted with a single content key. Normally of course it is relatively easy for users to share the encrypted files in an unauthorized fashion. However without the content key, such shared files are useless. In cases where the content key is discovered, for instance by hackers or other unauthorized users, the content key is often published and made available to the public. This substantially reduces security of the system and allows unauthorized downloading and successful decryption of the content without permission, which is extremely undesirable to the owner of the content. Usually the attackers or hackers share the discovering process, in addition to the keys themselves, and as a result even more keys are discovered and published in a public database. The less experienced users who may not be able to use the discovery process can then access the database, which is often provided in a website, to see if the content key for their particular piece of content, for instance a particular piece of music or video, is published and in turn break the copy protection on material that they have obtained without paying for. This type of attack, also known as a dictionary attack, has been found to be successful.
It is well known that an attack can discover the content key associated with each piece of content. Specifically, the content key typically remains available during play in the memory of the playback device (which is a computer or for instance digital music or video player), or even longer when the end user pauses during play. Specific DRM implementations protect against this “pause attack” already have been implemented.
This dictionary attack problem is becoming more harmful to owners of the distributed digital content, especially since there are only a few currently available commercially successful systems for distribution of videos and audio. Since there are only a few such systems, hackers, by focusing on the content available via those systems and publishing the content keys, have made unauthorized use of the content even easier.
In a typical DRM system, the pieces of encrypted digital content are maintained on a central server by the content owner or operator of the service. Users then download to their computer via the Internet particular pieces of content such as a song or a video program. The downloaded material is typically downloaded in encrypted form and the content key is transmitted also, often in a separate transmission. This is done for some form of payment. The user can then play the content by decrypting it on his computer or player. This process is transparent to the user if he has purchased an unauthorized piece of digital content since the key accompanies the downloaded file and software installed on the user's computer decrypts the file. It is also possible for the user to download the digital file to a media player. Typically this second download is also performed in the encrypted state and then the decryption occurs upon playback in the player. Again this is transparent for properly purchased content. It is generally been found best if the decryption only occurs upon playback, for security reasons. Of course if the content key has been compromised as described above, that is published, anyone can access the song and transfers of the encrypted files to unauthorized users is easily accomplished and they can then apply the decryption key even though not authorized to do so.
Therefore, the present inventors have determined that this type of so-called dictionary attack whereby keys are listed and publicly distributed to unauthorized users is a significant problem.